Zte ZXR10 2900 Series

To Next Page

To Previous Page

ZXR102900SeriesUserManual

IEEE802.1xiscalledport-basednetworkaccesscontrolprotocol.

Itsprotocolsystemincludesthreekeyparts:clientsystem,au-

thenticationsystem,andauthenticationserver .

1.Theclientsystemisgenerallyauserterminalsystemin-

stalledwiththeclientsoftware.Asubscriberoriginatesthe

IEEE802.1xprotocolauthenticationprocessthroughthisclient

software.Tosupporttheport-basednetworkaccesscontrol,

theclientsystemmustsupporttheExtensibleAuthentication

ProtocolOverLAN(EAPOL).

2.Theauthenticationsystemisgenerallynetworkequipmentthat

supportstheIEEE802.1xprotocol,forexample,theswitch.

Correspondingtotheportsofdifferentsubscribers(theports

couldbephysicalportsorMACaddress,VLAN,orIPaddressof

theuserequipment),theauthenticationsystemhastwologi-

calports:controlledportanduncontrolledport.

�Theuncontrolledportisalwaysinthestatethatthebidirec-

tionalconnectionsareavailable.Itisusedtotransferthe

EAPOLframesandcanensurethattheclientcanalways

sendorreceivetheauthentication.

�Thecontrolportisenabledonlywhentheauthenticationis

passed.Itisusedtotransferthenetworkresourceandser-

vices.Thecontrolledportcanbeconguredasbidirectional

controlledorinputcontrolledtomeettherequirementof

differentapplications.Ifthesubscriberauthenticationis

notpassed,thissubscribercannotvisittheservicespro-

videdbytheauthenticationsystem.

ThecontrolledportanduncontrolledportintheIEEE

802.1xprotocolarelogicalports.Therearenosuchphysi-

calportsontheequipment.TheIEEE802.1xprotocolsets

upalocalauthenticationforeachsubscriberthatother

subscriberscannotuse.Thus,therewillnotbesucha

problemthattheportisusedbyothersubscribersafter

theportisenabled.

3.TheauthenticationserverisgenerallyaRADIUSserver .This

servercanstorealotofsubscriberinformation,suchasVLAN

thatthesubscriberbelongsto,CARparameters,priority,sub-

scriberaccesscontrollist,andsoon.Aftertheauthentication

ofasubscriberispassed,theauthenticationserverwillpass

theinformationofthissubscribertotheauthenticationsystem,

whichwillcreateadynamicaccesscontrollist.Thesubsequent

owofthesubscriberwillbemonitoredbytheaboveparam-

eters.TheauthenticationsystemcommunicateswiththeRA-

DIUSserverthroughtheRADIUSprotocol.

RADIUSisaprotocolstandardusedfortheauthentication,autho-

rization,andexchangeofcongurationdatabetweentheRadius

serverandRadiusclient.

RADIUSadoptstheClient/Servermode.TheClientrunsonthe

NAS.Itisresponsibleforsendingthesubscriberinformationto

thespeciedRadiusserverandcarryingoutoperationsaccording

totheresultreturnedbytheserver .

TheRadiusAuthenticationServerisresponsibleforreceivingthe

subscriberconnectionrequest,verifyingthesubscriberidentity,

andreturningthecongurationinformationrequiredbythecus-

tomer .ARadiusAuthenticationServercanserveasaRADIUScus-

tomerproxytoconnecttoanotherRadiusAuthenticationServer .

172CondentialandProprietaryInformationofZTECORPORATION

Main Page

Zte ZXR10 2900 Series - Page 184

Table of Contents

Related product manuals